
upgrade completed/bad code removed

Hi folks:

The board was hacked. The problem is now resolved and the bad code was removed by my cool hosting company guys (I could see it in the source code but couldn't find where they'd hidden it in the page files; there are a hundred or more board files and some have over a thousand lines of code!! The hosting company could do their own scan to find it); board updates are also installed.

BTW the hosting company says these exploits generally also take advantage of Internet Explorer browsers if you are on a PC and not a Mac or Linux/Unix... people will get some additional protection by using a browser like Firefox.

And run a virus scan. There's a lot of nasty stuff going around that you can get *simply by going to a particular webpage*, you don't even have to open a file to get infected. The way the code worked on my hacked site was: when your browser opened my home page (the index page) there was an invisible piece of code in the page that launched a redirect command -- telling your browser to go to another webpage where it would install a virus file automatically. This file enables the hackers to use your computer to send out more of the same virus, which causes your computer to slow down considerably (a telltale sign of a virus, worm or trojan like this on your PC).

The best defense is:

1) use a Mac; 99% of viruses target Windows
2) keep your Windows updates up to date
3) keep your virus software up to date (e.g. it should check at least once daily for updates)
4) use another browser than Internet Explorer -- Firefox or Opera for example
5) you should run a firewall as well as virus software
6) don't open any odd-looking file or click a link to any webpage that comes in an email from someone you don't know

My deepest apologies if your computer was infected by the Trojan Moo virus. This is a virus that is about a year old so most people should not have had a problem, assuming you keep your virus definitions up to date. If you have *any doubts*, run the scan above. If you have a Mac or are running Linux/Unix, you wouldn't have had any chance of being infected.
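For a board with a hundred or more files, a scripted search is the practical way to locate an injected redirect like the one described in the post above. The following is an added example, not part of the original post and not the hosting company's scan; the rule patterns, file suffixes, `scan_tree`, `build_sample` and the sample hostnames are all assumptions chosen for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic rules (assumptions, not details from the thread): common ways a
# page silently sends a visitor's browser to another site.
RULES = {
    "hidden-iframe": re.compile(
        r"<iframe\b[^>]*(?:width\s*=\s*[\"']?0\b|height\s*=\s*[\"']?0\b"
        r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I),
    "meta-refresh": re.compile(r"<meta\b[^>]*http-equiv\s*=\s*[\"']?refresh", re.I),
    "script-redirect": re.compile(r"\blocation(?:\.href)?\s*=\s*[\"']https?://", re.I),
    "decoded-eval": re.compile(r"\beval\s*\(\s*(?:unescape|atob|base64_decode)\s*\(", re.I),
}
PAGE_SUFFIXES = {".php", ".html", ".htm", ".js", ".tpl"}

def scan_tree(root, allowed_hosts=()):
    """Return sorted (relative_path, line_no, rule) hits for page files under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PAGE_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), 1):
            # Substring allow-listing is coarse; review suppressed lines by hand.
            if any(host in line for host in allowed_hosts):
                continue
            hits += [(path.relative_to(root).as_posix(), line_no, name)
                     for name, rx in RULES.items() if rx.search(line)]
    return sorted(hits)

def build_sample(root):
    """Write a constructed four-file board tree (sample data, not from the thread)."""
    files = {
        "index.php": '<html><body>\n<iframe src="http://malicious.example/x" width=0 height=0></iframe>\n</body></html>\n',
        "viewtopic.php": '<?php echo "hello"; ?>\n',
        "templates/header.tpl": '<meta http-equiv="refresh" content="0;url=http://malicious.example/">\n',
        "includes/login.js": 'window.location = "https://forum.example/login";\n',
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for hit in scan_tree(tmp, allowed_hosts=("forum.example",)):
            print(*hit)
```

A hit is a lead to review by hand, not proof of compromise; comparing the board files against a clean copy of the same release is the more reliable check when one is available.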

Donna, that happened to me a couple of weeks ago. Isn't it infuriating?
I had saved quite a lot onto CD, but not the recent stuff. It is so maddening when it happens and I resolve every time to keep up to date with backing up but it is one of those jobs that I always plan to do tomorrow.
Warm wishes,
Ruth

How did they install it? Was it by being a 'member' that they could, or does it matter if they are registered?

I don't really understand how it is done. I believe they exploited a known vulnerability in the code that had been patched in later versions but I hadn't updated as updating can be very laborious -- cutting and pasting in lines of code by hand. Now I found a great programme that allows updates to be installed automatically so in future my site will be right up to date! They could post as guests but I think they'd registered. But I don't think it was actual people; it was a bot that autoregisters, as they typically leave weird emails that don't make much sense, like really vague comments.

I did a hacking class once -- there are various ways of spoofing the site to gain access to files and that is what they did. One way allows you to trick the database into allowing you to create an extra file which then allows you to gain access to the whole site and passwords. We actually did this in the hacking class and it was scary to see how easy it was -- a vulnerability in SQL databases. That vulnerability is no longer in the code for the board but it used to be possible to hack the boards in this way (and you'd be surprised how many websites have it still). I hasten to add the class was for teaching sysadmins how attacks are done and therefore how to block them!

BTW for those who have had a computer crash -- if the info is valuable many places that do info retrieval can get the information back -- it is still there, the PC just no longer has a way of telling you what is there (it is as if a restaurant lost all its menus -- the food would still be there but no way of you seeing what is on offer). But the cost may not be worth it. A programme like Norton Utilities can often retrieve all the files, or at least the ones you really want.

Thanks Ruth & Karlin. The info wasn't that much to worry about thankfully. We have got a separate external hard drive on this computer as well so we regularly do backups. I just lost quite a few pictures and things and loads of links to favourite sites.